Session state and Xdb tracking no longer required for rendering personalisation

Sun, Feb 14, 2021 in Development , Sitecore using tags Sitecore , Hotfix , SessionState

Happy Valentine’s day

 

I heart Sitecore Support

 

Background

So for quite sometime in order to be able to personalise a rendering on Content Delivery you’ve had to turn on Xdb tracking, even if you don’t want to use Xdb.
And by turning on Xdb Tracking, you have to turn on ASP.NET Session State, or it blows up.

  • “Xdb.Tracking.Enabled” = true
  • “Xdb.Endabled” = false
  • ASP.NET Seession State - Enabled

Personalisation without Xdb?

What can you personalise with if you aren’t using Xdb? Well certainly you are going to be limited what you can personalise on, but you can still personalise on

  • Request Url
  • Request Headers
  • Request Cookies
  • Geo Location of Request

Think anything in the current request, but not their History like you would if had an Xdb profile, or current browsing session for previous pages visited available with session state.

What’s the problem with turning on Session State and Xdb Tracking

Well other than having to enable features that aren’t required, and it not being tidy.

Both of these two features cause cookies to be issued.

  • SC_ANALYTCS_GLOBAL_COOKIE
  • ASP.NET_SessionId

If you want to cache the response in a CDN then you can’t emit these request specific cookies at origin, the CDN won’t cache these responses. (Maybe with some custom logic to strip them?)

And trying to remove these cookies from being sent before the ASP.NET pipeline has flushed the response headers (after which can’t remove the headers as the client has already been sent the headers), can be quite tricky, especially for the ASP.NET Session State cookie which gets added to the response when the ASP.NET Session State object is accessed if it doesn’t already exist.

So trying to find the sweet spot in the ASP.NET pipeline when Sitecore has finished accessing the Session State object, and before ASP.NET has flushed the response headers, can be quite tricky. Or actually impossible to guarantee 100% of the time.

Solution - Hotfix for Sitecore 9.3

Sitecore Hotfix 448700 for Sitecore 9.3 fixes this.

As I understand it this issue might have been fixed in Sitecore 10 possibly, and has been backported, based on conversations, but I’ve not tested if this is fixed in Sitecore 10.

With this hotfix, gone is the need for Session State on Content Delivery and Xdb.Tracking.Enabled.
Gone is the need for the work arounds to remove these cookies from the response before they are sent.
And can still have renderings personalised based on the current request.

 

Can have cake and eat it